United States Patent (19)
Moussa et al.

(11) Patent Number: 6,035,406
(45) Date of Patent: Mar. 7, 2000

(54) PLURALITY-FACTOR SECURITY SYSTEM

(75) Inventors: Mohamed A. Moussa, Sunnyvale; Chih S. Chan, Saratoga, both of Calif.

(73) Assignee: Quintet, Inc., Cupertino, Calif.

(21) Appl. No.: 08/831,854

(22) Filed: Apr. 2, 1997

(51) Int. Cl.: G06F 11/00
(52) U.S. Cl.: 713/202; 713/201; 380/4; 380/23; 380/25; 380/30; 382/115; 382/116
(58) Field of Search: 713/202, 201; 382/115, 116, 117; 380/23, 25, 30, 4

(56) References Cited

U.S. PATENT DOCUMENTS

4,405,829   9/1983   Rivest et al.        380/30
4,438,824   3/1984   Mueller-Schloer      380/23
4,736,423   4/1988   Matyas               380/23
4,799,153   1/1989   Hahn et al.          713/201
5,036,461   7/1991   Elliott et al.       380/24
5,191,611   3/1993   Lang                 380/25
5,191,613   3/1993   Graziano et al.      380/25
5,204,961   4/1993   Barlow               713/201
5,241,594   8/1993   Kung                 380/3
5,278,904   1/1994   Servi                380/23
5,432,864   7/1995   Lu et al.            710/266
5,455,953  10/1995   Russell              713/200
5,469,576  11/1995   Dauerer et al.       713/201
5,481,720   1/1996   Loucks et al.
5,491,752   2/1996   Kaufman et al.       380/30
5,495,533   2/1996   Linehan et al.       380/21
5,497,421   3/1996   Kaufman et al.       380/23
5,506,961   4/1996   Carlson et al.       713/200
5,534,855   7/1996   Shockley et al.      340/825.3
5,535,276   7/1996   Ganesan              380/25
5,581,630  12/1996   Bonneau, Jr.         382/116
5,694,471  12/1997   Chen et al.          380/25
5,706,427   1/1998   Tabuki               713/202
5,719,950   2/1998   Osten et al.         382/115
5,742,683   4/1998   Lee et al.           380/23
5,774,551   6/1998   Wu et al.            380/25
5,799,092   8/1998   Kristol et al.       380/51
5,841,970  11/1998   Tabuki               713/202
5,881,226  10/1996   Veneklase            713/202
5,907,149   5/1999   Marckini             235/487

OTHER PUBLICATIONS

IEEE Spectrum, "Vital Signs of Identity", by Miller, pp. 22-30, Feb. 1994.

Primary Examiner: Robert W. Beausoliel, Jr.
Assistant Examiner: Wasseem H. Hamdan
Attorney, Agent, or Firm: Swernofsky Law Group

(57) ABSTRACT

The invention provides a method and system for simultaneously authenticating a user using two or more factors, such as both a password and a physical token or both a password and biometric information. The user presents a physical token including a storage device to a processor and attempts to log in using a first password; the processor includes a login service which receives the first password, accesses the storage device to transform the first password into a second password, and authenticates the second password using an operating system for the processor. The storage device includes encrypted information regarding the second password which can be relatively easily determined in response to the first password, but which cannot be relatively easily determined without the first password. The system or the storage device may also store information for biometric authentication of the user.

9 Claims, 1 Drawing Sheet

[Representative drawing (FIG. 2): flow chart of method 200. Flow point 210; steps 221 ENTER USERNAME, 222 ENTER PASSWORD Q, 223 DETERMINE INDEX VALUES Ni, 224 AUTHENTICATE PHYSICAL TOKEN, 225 BUILD PASSWORD STRINGS, 226 OTHER AUTHENTICATION, 227 AUTHENTICATE STRINGS BY OPERATING SYSTEM; flow point 230; steps 241 GENERATE NEW DATABLOCK, 242 WRITE NEW DATABLOCK, 243 STORE NEW VALUES IN AUTHENTICATION DATABASE.]

BANK OF AMERICA ET AL. EXHIBIT 1032

Page 1 of 7

U.S. Patent    Mar. 7, 2000    6,035,406

[FIG. 1: block diagram of system 100 for two-factor security authentication: processor 110, physical token, login service 140, operating system 150, keyboard (input device).]

[FIG. 2: flow chart of method 200: flow points 210 and 230; steps 221 to 227 (ENTER PASSWORD Q, BUILD PASSWORD STRINGS, OTHER AUTHENTICATION, AUTHENTICATE STRINGS BY OPERATING SYSTEM) and steps 241 to 243 (STORE NEW VALUES IN AUTHENTICATION DATABASE).]

PLURALITY-FACTOR SECURITY SYSTEM

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates to computer security systems.

2. Related Art

Security systems which attempt to authenticate a user are based on one or more of three kinds of information: (1) secret information which is shared by the user and the system, such as a password, PIN, or pass phrase; (2) a physical object which is possessed by the user and recognized by the system, such as a physical key, token or active electronic device; and (3) biometric information which is unique to the user and which can be received and authenticated by the system, such as a fingerprint, handwritten signature, retinal scan, or voiceprint. Security systems which use more than one of these factors are considered more secure than those which do not.

Electronic security systems which require a physical token may operate by using a challenge and response system, in which the system issues an electronic challenge to the physical token and in which the user interacts with the physical token to obtain an electronic response. If the response is one which the system associates with the challenge as proper, the physical token is recognized and the security system is able to authenticate the user, at least using the physical factor.

A first problem which has arisen in the art is that such physical tokens are thus required to be "active," that is, they require electrical power to operate and therefore have a limited operational lifetime.

A second problem which has arisen in the art is that known security systems which require such physical tokens operate by first authenticating the user using secret information (such as requiring the user to log in using a password), then execute an application program for security authentication of the physical token. Similarly, known security systems which require biometric information operate by first authenticating the user using secret information, then execute an application program for security authentication of the biometric information. Security systems which allow users to execute application programs before they have been fully authenticated are considered less secure than those which do not.

A third problem which has arisen in the art is that known security systems which require such physical tokens require the user to enter the secret information (such as a password or PIN) to the physical token for the challenge and response. This provides an additional source for authentication error or for exposure of the user's secret information, neither of which would be desirable.

Accordingly, it would be desirable to provide a method and system for providing authentication using two or more factors without allowing the user to execute any application programs before authentication for all factors is complete. It would also be desirable to provide a method and system for providing electronic authentication using a physical token which does not require electrical power to operate. It would also be desirable to provide a method and system for providing electronic authentication using a physical token which does not require the user to enter data or otherwise interact with the physical token. These advantages are achieved in an embodiment of the invention in which the physical token includes a passive storage device and a login service obtains password information from the storage device, so as to simultaneously authenticate the user with both a password and the physical token itself.

SUMMARY OF INVENTION

The invention provides a method and system for simultaneously authenticating a user using two or more factors, such as using both a password and a physical token, or using a password, a physical token, and biometric information. The user presents a physical token including a storage device to a processor and attempts to log in using a first password; the processor includes a login service which receives the first password, accesses the storage device to transform the first password into a second password, and authenticates the second password using an operating system for the processor. In a preferred embodiment, the storage device includes encrypted information regarding the second password which can be relatively easily determined in response to the first password, but which cannot be relatively easily determined without the first password.

In alternative embodiments, the system or the storage device may store information for biometric authentication of the user.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a block diagram of a system for two-factor security authentication.

FIG. 2 shows a process flow diagram of a method for two-factor security authentication.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

In the following description, a preferred embodiment of the invention is described with regard to preferred process steps and data structures. Those skilled in the art would recognize after perusal of this application that embodiments of the invention can be implemented using general purpose processors or special purpose processors adapted to particular process steps and data structures described herein, and that implementation of the process steps and data structures described herein would not require undue experimentation or further invention.

Inventions described herein may be used in conjunction with inventions described in one or more of the following applications:

application Ser. No. 08/169,654, filed Dec. 17, 1993, in the name of the same inventors, titled "Method of Automated Signature Verification", attorney docket number ACS-001, now abandoned.

application Ser. No. 08/483,942, filed Jun. 7, 1995, in the name of the same inventors, titled "Method of Automated Signature Verification", attorney docket number ACS-002.

application Ser. No. 08/519,430, filed Aug. 25, 1995, in the name of the same inventors, titled "Method of Secure Communication Using Signature Verification", attorney docket number QUIN-003.

application Ser. No. 08/641,104, filed Apr. 29, 1996, in the name of the same inventors, titled "Secure Application of Seals", attorney docket number QUIN-006.

application Ser. No. 08/639,613, filed Apr. 29, 1996, in the name of the same inventors, titled "Automated Verification and Prevention of Spoofing for Biometric Data", attorney docket number QUN-008.

Each of these applications is hereby incorporated by reference as if fully set forth herein. These applications are collectively referred to herein as the "Incorporated Disclosures".

System Elements

FIG. 1 shows a block diagram of a system for two-factor security authentication.

A system 100 for two-factor security authentication includes a processor 110, having program and data memory and mass storage; an input device 120, such as a keyboard and mouse or other pointing device; and a storage device drive 130 capable of receiving a physical token 131.

In a preferred embodiment, the storage device drive 130 includes a floppy disk drive; a PCMCIA, PC Card, or "smart card" receptacle; a flash memory receptacle, or a credit card receptacle or credit card swipe device for reading and writing magnetic stripes. The physical token 131 comprises a corresponding storage device, such as a floppy disk, a PCMCIA or PC Card, a smart card, a flash memory, or a magnetic striped card.

The system 110 includes a login service 140 and an operating system 150, both stored on the mass storage and executed by the processor 110 from the program and data memory. Operating systems are known in the art of computers. The login service 140 intercepts attempts by the user to log in to the processor 110, and interacts with the physical token 131 and with the operating system 150 as described herein to perform two-factor security authentication.

The login service 140 maintains an authentication database 141, in which it associates an authentication fingerprint F and an authentication number N, for each particular user for each particular login session. Similarly, the operating system 150 maintains a password database 151, in which it associates a password P with each particular user. In a preferred embodiment, the password P is stored in the password database 151 in an encrypted form. Associating passwords with users is known in the art of computer security.

The physical token 131 includes a data block 132, in which it stores the authentication number N, the password P (in the same encrypted form), and a set of random values which are associated with the fingerprint F.

As used herein, the term "random", as used in phrases such as "random number" or "random value", refers in a preferred embodiment to numbers or values which are generated by a pseudorandom number generator or a method for generating pseudorandom numbers. However, in alternative embodiments, the term random may refer to numbers or values which are truly random, such as generated by a probabilistic or stochastic process. Techniques relating to randomness and pseudorandomness are described in greater detail in works known in the art, such as D. Knuth, "The Art of Computer Programming", Vol. 2.

In a preferred embodiment, the fingerprint F is derived in response to the set of random values by computation of a CRC or hashing function.

Method of Operation

FIG. 2 shows a process flow diagram of a method for two-factor security authentication.

A method 200 for two-factor security authentication includes a sequence of flow points and steps as described herein.

At a flow point 210, the user attempts to obtain access to the processor 110, and the method 200 for two-factor security authentication is started.

At a step 221, the user enters their associated user name. In a preferred embodiment, the user name is a unique value which describes the user, and may comprise the user's actual name, but may also comprise a mnemonic name such as the user's initials. User names are known in the art of computer security. The login service 140 receives the user name and begins execution on the processor 110.

At a step 222, the user enters a first password Q. The login service 140 receives the first password Q. The first password Q is not the password P which the operating system 150 associates with the user name, and cannot be used to obtain access to the processor 110 using the operating system 150. The login service 140 uses the physical token 131 to determine the password P in response to the first password Q, and thereafter authenticates the password P using the operating system 150, thus authenticating both that the physical token 131 is present and that the first password Q was correctly entered. In a preferred embodiment, references to the password P indicate the encrypted form thereof.

At a step 223, the login service 140 determines a set of index values Ni in response to the first password Q. In a preferred embodiment, one index value Ni is determined for each character of the password P, plus one additional index value N0, and the password P is selected to have the maximum length permitted by the operating system 150. Thus, if the operating system 150 allows (p)-character passwords, the password P will have (p) characters and there will be at least (p+1) index values Ni.

In a preferred embodiment, the step 223 is performed using the following technique:

At a sub-step 223(a), each possible combination of letters of the first password Q is determined. Thus, if the first password Q is "ABCD", there will be 15 such possible combinations, "A", "B", "C", "D", "AB", "AC", "AD", "BC", "BD", "CD", "ABC", "ABD", "ACD", "BCD", and "ABCD". If there are more than (p+1) such combinations, the first (p+1) combinations are selected.

At a sub-step 223(b), each selected combination from the sub-step 223(a) is converted to an integer value. In a preferred embodiment, this is performed by casting the selected string values to integer values.

At a sub-step 223(c), each integer value from the sub-step 223(b) is input to a pseudorandom number generator, so as to determine a pseudorandom number in response thereto.

At a step 224, the login service 140 authenticates the physical token 131 and determines the authentication number N stored thereon.

In a preferred embodiment, the step 224 is performed using the following technique:

At a sub-step 224(a), the data block 132 from the physical token 131 is read into data memory for the processor 110. In a preferred embodiment, the data block 132 comprises 2048 values. There is no special significance to the value 2048; other values could be used in alternative embodiments.

At a sub-step 224(b), the login service 140 generates a data block fingerprint D in response to the data block 132. In a preferred embodiment, the data block fingerprint D is computed using a CRC or hashing function using all 2048 values in the data block 132.

At a sub-step 224(c), the login service 140 compares the data block fingerprint D with the fingerprint F it has stored in the authentication database 141. If the comparison is identical, authentication is so far successful, and the method 200 proceeds to the next sub-step 224(d). If the comparison is not identical, authentication is unsuccessful, and the method 200 proceeds with an operation for unsuccessful authentication, as described herein with reference to the step 227.

At a sub-step 224(d), the additional index value N0 is used to index into a selected section of the data block 132. In a preferred embodiment, the value at location (2000+N0) is used as the authentication number N. There is no special significance to the value 2000; other values could be used in alternative embodiments.

At a sub-step 224(e), the login service 140 compares the value at location (2000+N0) with the authentication number N it has stored in the authentication database 141. If the comparison is identical, authentication is so far successful, and the method 200 proceeds to the next step 225. If the comparison is not identical, authentication is unsuccessful, and the method 200 proceeds with an operation for unsuccessful authentication, as described herein with reference to the step 227.

At a step 225, the authentication number N is used as an offset for the index values Ni, and each individual indexing sum (Ni+N) is used to index into the data block 132 for a corresponding character Si of a string S.

In a preferred embodiment, the step 225 is performed using the following technique:

Each indexing sum (Ni+N) is computed.

Each indexing sum (Ni+N) is selected to be unique with regard to all other indexing sums. If any indexing sums are identical, the second and succeeding indexing sums are incremented linearly, modulo 2000, until a unique value is obtained for each indexing sum and thus a unique index is obtained for each corresponding character Si of the string S.

The corresponding characters Si are assembled into the string S.

At a step 226, the login service 140 performs such other authentication as desired. In a preferred embodiment, there is no such other authentication; however, in alternative embodiments, the login server 140 may perform signature verification for the user in the step 226.

The step 226 may be performed using the following technique:

The login server 140 maintains a signature verification template T, using techniques such as described in detail in the Incorporated Disclosures.

At a sub-step 226(a), the login server 140 receives a signature from the user (using a signature receiving device, such as a writing tablet).

At a sub-step 226(b), the login server 140 determines a received signature template R, using techniques such as described in detail in the Incorporated Disclosures.

At a sub-step 226(c), the login server 140 compares the received signature template R with the signature verification template T, using techniques such as described in detail in the Incorporated Disclosures. If the comparison is acceptable, authentication is so far successful, and the method 200 proceeds to the next step 227. If the comparison is not acceptable, authentication is unsuccessful, and the method 200 proceeds with an operation for unsuccessful authentication, as described herein with reference to the step 227.

The step 226 may alternatively be performed using the following technique:

At an alternative sub-step 226(a), the login server 140 reads a signature verification template T from the physical token 131, the signature verification template T having been generated using techniques such as described in detail in the Incorporated Disclosures. The signature verification template T may be distributed in the data block 132 using a technique similar to the techniques described herein for distribution of the password P in the data block 132.

At an alternative sub-step 226(b), the login server 140 receives a signature from the user (using a signature receiving device, such as a writing tablet).

At an alternative sub-step 226(c), the login server 140 determines a received signature template R, using techniques such as described in detail in the Incorporated Disclosures.

At an alternative sub-step 226(d), the login server 140 compares the received signature template R with the signature verification template T, using techniques such as described in detail in the Incorporated Disclosures. If the comparison is acceptable, authentication is so far successful, and the method 200 proceeds to the next step 227. If the comparison is not acceptable, authentication is unsuccessful, and the method 200 proceeds with an operation for unsuccessful authentication, as described herein with reference to the step 227.

At a step 227, the login service 140 passes the string S to the operating system 150, which compares it with the password P. If the comparison is identical, authentication is successful, and the method 200 proceeds to the flow point 230. If the comparison is not identical, authentication is unsuccessful, and the method 200 proceeds with an operation for unsuccessful authentication.

In a preferred embodiment, the login server 140 displays the fact of unsuccessful authentication and allows the user to try again at the flow point 210 after a time delay. In alternative embodiments, such unsuccessful authentication events might be logged, or an alarm or other signal might be generated in response thereto. Various methods for treatment of unsuccessful authentication are known in the art of computer security.

At a flow point 230, the user has been successfully authenticated. The method 200 for two-factor security authentication continues with a sequence of further flow points and steps.

At a step 241, the login service 140 generates a new data block 132 for the physical token 131.

In a preferred embodiment, the step 241 is performed using the following technique:

The login service 140 generates a new authentication number N*. In a preferred embodiment, the login service 140 selects a random number as the new authentication number N*.

The login service 140 recomputes the indexing sums (Ni+N*) using the new authentication number N*.

The login service 140 generates a set of random values for the data block 132.

At a step 242, the login service 140 writes the new data block 132 onto the physical token 131.

In a preferred embodiment, the step 242 is performed using the following technique:

The login service 140 writes the random values into the data block 132 on the physical token 131.

The login service 140 writes each character Pi of the password P into the data block 132 at the location specified by the corresponding indexing sum (Ni+N).

The login service 140 writes the new authentication number N* into the data block 132 at the location specified by the additional index value N0, thus, at location (2000+N0).

At a step 243, the login service 140 stores new values in its authentication database 141.

In a preferred embodiment, the step 242 is performed using the following technique:

The login service 140 generates a new fingerprint F* in response to the new data block 132, in like manner as the data block fingerprint D is computed in the sub-step 224(b).

The login service 140 stores the new fingerprint F* and the new authentication number N* in its authentication database 141.

The operating system 150 maintains the password P in its password database 151. The password P is not changed unless the first password Q is changed, in which case the login server 140 generates a new password P and calls on the operating system 150 to store the new password P in its password database 151.
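The steps just described (223 through 227, and the re-issue steps 241 through 243) run end to end as an added Python example; this is not the patent's code. It assumes SHA-256 for the fingerprint, an eight-character password P, a one-byte authentication number N, and that "casting" each letter combination to an integer means taking its byte value as the PRNG seed; a wrong first password, a tampered data block and replay of a superseded token image are each shown being rejected.

```python
"""Toy model of the token login of US 6,035,406: the OS password P is scattered
through a 2048-value data block at indices derived from the first password Q and
an authentication number N.  Added example; hash, PRNG seeding and sizes assumed."""
import hashlib
import itertools
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple

BLOCK_LEN = 2048                      # data block 132 holds 2048 values
CHAR_REGION = 2000                    # indexing sums (Ni + N) are taken modulo 2000
AUTH_SLOTS = BLOCK_LEN - CHAR_REGION  # N lives at 2000 + N0, so N0 is reduced to < 48
PASSWORD_LEN = 8                      # P has the maximum length the OS permits (assumed 8)


@dataclass
class AuthRecord:
    """One user's entry in the login service's authentication database 141."""
    fingerprint: str   # F
    auth_number: int   # N


def index_values(q: str, count: int) -> List[int]:
    """Step 223: combinations of Q's letters (singles, pairs, ...), the first
    `count` cast to integers and each fed to a PRNG.  Element 0 is N0."""
    combos = []
    for r in range(1, len(q) + 1):
        combos.extend("".join(c) for c in itertools.combinations(q, r))
    if len(combos) < count:
        raise ValueError("first password Q too short for the password length")
    values = []
    for combo in combos[:count]:
        seed = int.from_bytes(combo.encode(), "big")   # "casting" the string to an integer
        values.append(random.Random(seed).getrandbits(32))
    return values


def unique_indices(ni: List[int], n: int) -> List[int]:
    """Step 225: indexing sums (Ni + N) mod 2000; a repeated sum is bumped
    linearly until every character Si has its own location."""
    used, out = set(), []
    for value in ni:
        idx = (value + n) % CHAR_REGION
        while idx in used:
            idx = (idx + 1) % CHAR_REGION
        used.add(idx)
        out.append(idx)
    return out


def fingerprint(block: List[int]) -> str:
    """Sub-step 224(b): fingerprint over all 2048 values (SHA-256 here; the
    patent only asks for 'a CRC or hashing function')."""
    return hashlib.sha256(bytes(block)).hexdigest()


def issue_token(q: str, p: str, rng: random.Random) -> Tuple[List[int], AuthRecord]:
    """Steps 241-243: fresh N, random filler, P's characters at (Ni + N),
    N at 2000 + N0; returns the data block and the (F, N) database entry."""
    n0, *ni = index_values(q, PASSWORD_LEN + 1)
    n = rng.randrange(256)
    block = [rng.randrange(256) for _ in range(BLOCK_LEN)]
    for idx, ch in zip(unique_indices(ni, n), p):
        block[idx] = ord(ch)
    block[CHAR_REGION + n0 % AUTH_SLOTS] = n
    return block, AuthRecord(fingerprint(block), n)


def recover_password(q: str, block: List[int], record: AuthRecord) -> Optional[str]:
    """Steps 223-225 at login: the string S handed to the OS in step 227, or
    None when the token fails the checks of sub-steps 224(c) and 224(e)."""
    if fingerprint(block) != record.fingerprint:   # 224(c): block altered or stale
        return None
    n0, *ni = index_values(q, PASSWORD_LEN + 1)
    n = block[CHAR_REGION + n0 % AUTH_SLOTS]       # 224(d)
    if n != record.auth_number:                    # 224(e)
        return None
    return "".join(chr(block[i]) for i in unique_indices(ni, n))


def demo() -> dict:
    """Constructed run: issue a token, log in, then exercise the failure paths."""
    rng = random.Random(1234)            # constructed sample; use os.urandom in practice
    q, p = "ABCDE", "Xk7#pQ2w"           # constructed first password Q and OS password P
    block, record = issue_token(q, p, rng)
    tampered = list(block)
    tampered[17] ^= 0x01                 # one flipped bit: fingerprint D no longer matches F
    new_block, new_record = issue_token(q, p, rng)   # steps 241-243 after a good login
    return {
        "login_ok": recover_password(q, block, record) == p,
        "wrong_q": recover_password("ABCDF", block, record),
        "tampered": recover_password(q, tampered, record),
        "rotated_ok": recover_password(q, new_block, new_record) == p,
        "replay_of_old_token": recover_password(q, block, new_record),
    }


if __name__ == "__main__":
    print(demo())
```

The string returned for the wrong first password is whatever the misdirected indices happen to address, so the operating system's comparison in step 227 is what rejects it; the tampered and replayed blocks never reach that step.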
Alternative Embodiments

Although preferred embodiments are disclosed herein, many variations are possible which remain within the concept, scope, and spirit of the invention, and these variations would become clear to those skilled in the art after perusal of this application.

We claim:

1. A method for operating a processor to simultaneously authenticate a user using a plurality of factors, said method including the steps of
executing an operating system on said processor;
generating an authentication number N;
generating a data block for a physical token;
writing said data block onto said physical token;
generating an authentication fingerprint F responsive to said new data block;
storing said authentication number N and said authentication fingerprint F in an authentication database;
receiving a user name and associated first password Q, said first password Q being other than a password P associated with said user name by said operating system;
receiving said physical token having said data block, said data block including encoded therein said password P and said authentication number N;
determining in response to said data block, said authentication fingerprint F;
authenticating said authentication fingerprint F;
first recovering from said data block, in response to said first password Q, said authentication number N;
second recovering from said data block, in response to said first password Q and said authentication number N, said password P; and
authenticating said password P with said operating system.

2. A method as in claim 1, wherein said step of first recovering includes the steps of
determining an index value N0 in response to said first password Q; and
reading said authentication number N from said data block in response to said index value N0.

3. A method as in claim 1, wherein said step of second recovering includes the steps of
determining a set of index values Ni in response to said first password Q, one index value Ni for each of a plurality of characters Pi of said password P;
reading each of said plurality of characters Pi from said data block in response to corresponding said index values Ni.

4. A method as in claim 1, including the steps of
generating a new authentication number N;
generating a new data block for said physical token, including said new authentication number N;
writing said new data block onto said physical token;
generating a new authentication fingerprint F in response to said new data block; and
storing said new authentication number N and said new authentication fingerprint F in said authentication database.

5. A system for simultaneously authenticating a user using a plurality of factors, said system including
a processor having an operating system;
means for generating an authentication number N;
means for generating a data block for a physical token, including said authentication number N;
means for writing said data block onto said physical token;
means for generating an authentication fingerprint F in response to said data block;
means for storing said authentication number N and said authentication fingerprint F in an authentication database;
an input device disposed for receiving a user name and an associated first password Q, said first password Q being other than a password P associated with said user name by said operating system;
a drive disposed for receiving said physical token, said physical token having said data block, said data block including encoded therein said password P and said authentication number N;
said data block having values associated with said authentication fingerprint F associated with said user name;
said data block having an authentication number N recoverable in response to said first password Q;
said data block having said password P recoverable in response to said first password Q and said authentication number N; and
said operating system disposed for authenticating said password P.

6. A system as in claim 5, wherein said authentication number N is recoverable from said data block in response to an index value N0, said index value N0 determinable in response to said first password Q.

7. A system as in claim 5, wherein each of a plurality of characters Pi of said password P are recoverable from said data block in response to a set of corresponding index values Ni, said set of index values Ni determinable in response to said first password Q.

8. A system as in claim 5, including
means for generating a new authentication number N;
means for generating a new data block for said physical token, including said new authentication number N;
means for writing said new data block onto said physical token;
means for generating a new authentication fingerprint F in response to said new data block; and
means for storing said new authentication number N and said new authentication fingerprint F in said authentication database.

9. A system for operating a processor to simultaneously authenticate a user using a plurality of factors, said system including
a drive capable of receiving a physical token, said physical token having a data block, said data block including a second password encrypted therein, an authentication number and a set of random values associated with an authentication fingerprint;
a login service having said authentication fingerprint and said authentication number associated with said user, said login service configured to receive a first password from said user, reading said data block from said physical token, and determining said second password responsive to said first password, said authentication fingerprint and said authentication number and said data block read from said physical token; and
an operating system having said second password associated with said user, said login service additionally configured to provide said second password to said operating system.